The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system.
The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek.
Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover
The critical vulnerability allows attackers to read arbitrary emails, including password reset messages.
The post Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
CISA Warns of CWP Vulnerability Exploited in the Wild
A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution.
The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Apple Patches 19 WebKit Vulnerabilities
Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws.
The post Apple Patches 19 WebKit Vulnerabilities appeared first on SecurityWeek.
How Software Development Teams Can Securely and Ethically Deploy AI Tools
To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews.
The post How Software Development Teams Can Securely and Ethically Deploy AI Tools appeared first on SecurityWeek.
Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities
The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine.
The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek.
CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog
Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation.
The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek.
QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability
The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions.
The post QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability appeared first on SecurityWeek.
Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.